Exam ID : HPE6-A81
Exam type : Proctored
Exam duration : 2 hours
Exam length : 60 questions
Passing score : 65%
Delivery languages : English
Supporting resources
Aruba Advanced ClearPass Troubleshooting and Solutions, Rev. 20.41
Aruba ClearPass Essentials, Rev. 20.11 (inactive on February 28, 2023)
The Aruba Certified ClearPass Expert (ACCX) certification validates that the candidate is able to design, configure, and troubleshoot various ClearPass products commonly used in large scale customer deployments. This included ClearPass policy manager, Guest, Profiling, Onboarding, Onguard, Posture, Clustering, Redundancy, and external server integration.
You need an HPE Learner ID and a Pearson VUE login and password.
Examkingdom HPE HPE6-A81 Exam pdf,
Best HPE HPE6-A81 Free downloads , HPE HPE6-A81 Dumps at Certkingdom.com
Register for this Exam
Passing the HPE6-A81 Aruba Certified ClearPass Expert Written Exam is required before registering for the practical exam.
No reference material is allowed at the testing site. This exam may contain beta test items for experimental purposes.
During the exam, you can make comments about the exam items. We welcome these comments as part of our continuous improvement process.
Ideal candidateTypical candidates for this certification are networking IT professionals with a minimum of three to five years experience in designing and integrating complex enterprise-level mobile first networks.
Exam contents
This exam has 60 questions.
Here are types of questions to expect:
Multiple choice (multiple responses)Multiple choice (single response)
Advice to help you take this exam
Complete the training and review all course materials and documents before you take the exam.
Exam items are based on expected knowledge acquired from job experience, an expected level of industry standard knowledge, or other prerequisites (events, supplemental materials, etc.).
Successful completion of the course or study materials alone, does not ensure you will pass the exam.
This exam validates that you can:
20% Deployment and Cluster
Cluster Layout positioning of Publisher and Subscribers, Use of Policy Manager Zones
High Availability and Redundancy Design, including Virtual IP addressing and Standby Publisher
Licenses
EAP and HTTPS server Certificates
The Roles of Data and Management Port related to AAA traffic and HTTP Guest Traffic
Authentication Sources Including Active Directory
24% Guest Access Design and Implementation
Guest Account Management
Self-Registration both with and without sponsorship
Implimentation of both Server and Controller Initiated Captive Portal Authentication
Implimenting Guest Access on both wired and wireless infrastructure. Mainly focused on Aruba Networks Access layer devices. Cisco Gear will also be covered on the ACCX exam
Guest Access with MAC caching
24% Secure Access Design and Implementation
Secure Access Services and Enforcement, Role Mapping
Understand Service Selection Rules
Radius CoA and Dynamic Authorization
Integration of Authorization Sources and External Context Servers into Enforcement
Integration of Endpoint Profiling into Enforcement
12% Onboard Deployments and BYOD
Onboard Portal Configuration, including the Network Settings
Certificate Authority Configuration
Authentication Methods and OCSP to insure proper Certificate revocation
BYOD Certificate Management
12% OnGuard and Endpoint Profile
Design and Configuration of Posture Policies
Quarantine and remediation based on Posture Token and the status of the agent.
Configuration and enforcement of webauth service for posture
Integration of Posture results in secure service Enforcement
4% Administrative Access
Customized Operator Profiles for ClearPass Guest
Customized Admin Privileges for the Policy Manager
ClearPass Admin Login service processing and profile mapping
TACACS authentication from Network Access Devices
4% Reporting
Scheduled Insight reports
Manually Run Insght repoprts
Alerts
QUESTION 1
You art deploying Cleat Pass Policy Manager with Guest functionality for a customer with multiple
Aruba Networks Mobility Controllers. The customer wants to avoid SSL errors during guest access but
due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers.
What is the most efficient way to configure the customer’s guest solution? (Select two.)
A. Install the same public certificate on all Controllers with the common name “controller.{company domain)
B. Build multiple Web Login pages with vendor settings configured for each controller
C. Build one Web Login page with vendor settings for captiveportal-controller (company domain)
D. Build one Web Login page with vendor settings for controller (company domain)
E. Install multiple public certificates with a different Common Name on each controller
Answer: DE
QUESTION 2
A customer has deployed an OnGuard Solution to all the corporate devices using a group policy result
to push the OnGuard Agtnts. The network administrator is complaining that soma of the agents are
communicating to the ClearPass server that is located in a DMZ. outside the firewall The network
administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets.
What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?
A. Select the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.
B. Filter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.
C. Configure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.
D. Edit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates
Answer: B
QUESTION 3
Which statements are true about that integration between ClearPass Policy Manager and ClearPass
Device Insight? (Select two)
A. Policy Manager stops using ClearPass Profiler for fingerprinting and uses Device Insight Analyzer
instead for endpoint in-depth data analysis.
B. ClearPass Device Insight updates ClearPass Policy Manager every 60 minutes if it detects a change
in device classification like device spoofing.
C. To provide enhanced profiling and reporting. additional configuration is required to transmit data
in both directions between CPPM and Device Insight.
D. When Device Insight integration mode is enabled. you can still use Update Fingerprint button to
Update Endpoints at Configuration > Identity > Endpoints
E. An attribute named Device Insight Tags art added to the Endpoints that art available to use in
service, role-mapping, and enforcement policy Rules
Answer: CD
QUESTION 4
A customer has acquired another company that has its own Active Directory infrastructure. The 802
1X PEAP authentication works with the customer’s original Active Directory servers but the customer
would like to authenticate users from the acquired company as well.
What steps are required, in regards to the Authentication Sources, in order to support this request?
(Select two.)
A. Create a new Authentication Source, type Active Directory.
B. Create a new Authentication Source, type Generic LDAP.
C. Add the new AD server(s) as backup into the existing Authentication Source.
D. There is no need to join ClearPass to the new AD domain.
E. Join the ClearPass server(s) to the new AD domain.
Answer: BD
